The United States Department of Justice (DOJ) has unveiled charges against a Russian national accused of orchestrating a crypto-ransomware scheme that targeted US infrastructure. According to a press release issued on May 16, the DOJ has unsealed two indictments against the individual.
The attacks were directed at numerous victims across the United States, including law enforcement agencies in Washington, D.C., and New Jersey, as well as entities in the healthcare sector and other industries nationwide.
The accused is Mikhail Pavlovich Matveev, who went by various aliases such as Wazawaka, m1x, Boriselcin, and Uhodiransomwar. The attacks date back to 2020, and the ransomware variants employed were LockBit, Babuk, and Hive. Matveev reportedly demanded up to $400 million in ransom payments and managed to steal around $200 million.
Assistant Attorney General Kenneth A. Polite, Jr. from the DOJ's Criminal Division commented on the case, stating that Matveev allegedly used different ransomware variants to target critical infrastructure globally, including hospitals, government agencies, and other sectors. The international nature of these crimes necessitates a coordinated response, and the DOJ remains committed to holding the most egregious cyber criminals accountable.
Matveev, also known as Wazawaka, has garnered attention in the cybercrime world due to his controversial actions. In 2022, he gained notoriety by publicly posting exploit code, taunting researchers and journalists. Selfies and videos associated with Matveev started circulating online as publishers sought to expose his identity. His brash behavior and lack of caution appear to have contributed to the law enforcement action taken against him.
While Matveev's case highlights the alleged involvement of Russian nationals in cyberattacks utilizing cryptocurrencies, it is essential to note that not all actors have negative intentions. In 2022, a Russian hacker dubbed "Robin Hood" made headlines for stealing funds from Russian law enforcement and donating them to Ukraine. However, this individual remains anonymous, creating intrigue within the crypto community regarding their motivations and actions.